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1 JUoksod^ Q 
M wireless channels 

^ Glenn Judd, Peter Steenkiste 

August 2005 Proceeding of the 2005 ACM SIGCOMM workshop on Experimental 

approaches to wireless network design and analysis E-WIND '05 
Publisher: ACM Press 

Full text available: ^pdf(6.06 MB) Additional Information: full citation, abstract, references, index terms 

Physical layer wireless network emulation has the potential to be a powerful experimental 
tool. An important challenge in physical emulation, and traditional simulation, is to 
accurately model the wireless channel. In this paper we examine the possibility of using 
on-card signal strength measurements to capture wireless channel traces. A key 
advantage of this approach is the simplicity and ubiquity with which these measurements 
can be obtained since virtually all wireless devices provide the req ... 

Keywords: channel capture, emulation, wireless 

2 Session 2: secure Web services: Designing a distributed access control processor for U 

i& network services on the Web 
™ Reiner Kraft 

November 2002 Proceedings of the 2002 ACM workshop on XML security 
Publisher: ACM Press 

Full text available: pdfT3Q1.14 KB? Additional Information: full citation, abstract, references, index terms 

The service oriented architecture (SOA) is gaining more momentum with the advent of 
network services on the Web. A programmable and machine accessible Web is the vision 
of many,and might represent a step towards the semantic Web. However, security is a 
crucial requirement for the serious usage and adoption of the Web services technology. 
This paper enumerates design goals for an access control model for Web services. It then 
introduces an abstract general model for Web services components, along ... 

Keywords: Web services, XML, access control, security 
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4 Towards a secure platform for distributed mobile object computing 
^ Marc Lacoste 

^ April 2000 ACM SIGOPS Operating Systems Review, volume 34 issue 2 
Publisher: ACM Press 

Full text available: * gj pdf(1.42 MB) Additional Information: full citation, abstract, index terms 

We present some issues relevant to the design of a secure platform for distributed mobile 
computing, that goes beyond existing ad-hoc approaches to software mobility. This 
platform aims to support wide-area computing applications such as active network 
infrastructures or network supervision tools. Our contribution is two-fold: the first part of 
the paper is a survey of the security features of a few languages and virtual machines as 
regards authentication, access control, and communications secu ... 

got S. W. Smith 

>^ June 2001 ACM SIGecom Exchanges, volume 2 issue 3 
Publisher: ACM Press 

Full text available: ^J?dfil35.26 KB). Additional Information: MLQjtatjon, abstract, references, index terms 

Web-based commerce is rife with scenarios where a party needs to trust properties of 
computation and data storage occurring at a remote machine, operated by a different 
party with different interests. In our WebALPS project, we have used off-the-shelf 
hardware and open source software to build trusted co-servers co-resident with Web 
servers, and bring the secure SSL channel all the way into these trusted co-servers. In 
this paper, we survey how this tool can be used to systematically addr ... 



6 Systems.and.arch Q 

& Bogdan C. Popescu, Bruno Crispo, Andrew S. Tanenbaum, Frank L.A.J. Kamperman 

^ October 2004 Proceedings of the 4th ACM workshop on Digital rights management 

Publisher: ACM Press 

Full text available: ^pdfC222.4g.KBj Additional Information: fuJlcitaiipn, abstract, references, index terms 

This paper describes a security architecture allowing digital rights management in home 
networks consisting of consumer electronic devices. The idea is to allow devices to 
establish dynamic groups, so called "Authorized Domains", where legally acquired 
copyrighted content can seamlessly move from device to device. This greatly improves 
the end-user experience, preserves "fair use" expectations, and enables the development 
of new business models by content providers. Key to our design is a hyb ... 

Keywords: DRM architectures, compliant CE devices, digital content protection 
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^ Vishal Kher, Yongdae Kim 

November 2005 Proceedings of the 2005 ACM workshop on Storage security and 

survivability StorageSS '05 
Publisher: ACM Press 

Full text available: Wpd£294 Additional Information: Mlcitation, abstract, references, indejcjterms 
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The rapid increase of sensitive data and the growing number of government regulations 
that require longterm data retention and protection have forced enterprises to pay serious 
attention to storage security. In this paper, we discuss important security issues related 
to storage and present a comprehensive survey of the security services provided by the 
existing storage systems. We cover a broad range of the storage security literature, 
present a critical review of the existing solutions, compare ... 

Keywords: authorization, confidentiality, integrity, intrusion detection, privacy 



8 DRM experience: Digital rights management in a 3G mobile phone and beyond 

Thomas S. Messerges, Ezzat A. Dabbish 
^ October 2003 Proceedings of the 3rd ACM workshop on Digital rights management 
DRM '03 

Publisher: ACM Press 

Additional Information: MLcltatjorr, abstract, jrefejre&pes, citings, Index 



Full text available: ISa Ddf[303.59 KB) 

" " terms 

In this paper we examine how copyright protection of digital items can be securely 
managed in a 3G mobile phone and other devices. First, the basic concepts, strategies, 
and requirements for digital rights management are reviewed. Next, a framework for 
protecting digital content in the embedded environment of a mobile phone is proposed 
and the elements in this system are defined. The means to enforce security in this system 
are described and a novel "Family Domain" approach to content management ... 

Keywords: MPEG-21, copyright protection, cryptography, digital content, digital rights 
management, embedded system, key management, mobile phone, open mobile alliance, 
security 



Digital rights management for content distribution 
Qiong Liu, Reihaneh Safavi-Naini, Nicholas Paul Sheppard 

January 2003 Proceedings of the Australasian information security workshop 
conference on ACSW frontiers 2003 - Volume 21 CRPITS '03 

Publisher: Australian Computer Society, Inc. 

Full text available* $$3 df/224 63 KB j Add ' t ' ona ' Information: Ml .citation, abstract, references, citings, index 
' ^ " " * terms 

Transferring the traditional business model for selling digital goods linked to physical 
media to the online world leads to the need for a system to protect digital intellectual 
property. Digital Rights Management(DRM) is a system to protect high-value digital assets 
and control the distribution and usage of those digital assets. This paper presents a 
review of the current state of DRM, focusing on security technologies, underlying legal 
implications and main obstacles to DRM deployment with the ... 

Keywords: DRM, digital content 
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http://portal.acm.org/resultsx^ 2/8/06 



Results (page 1): ticket and "digital signature" and "private key" and consumer and provide Page 4 of 6 



Birgit Pfitzmann, Michael Waidner 

November 2002 Proceedings of the 2002 ACM workshop on Privacy in the Electronic 

Society 
Publisher: ACM Press 

Full text available: ^pdf{.16fr JJ5.KB) Additional Information: ML citation, abstract, reMences, index terms 

Browser-based attribute-exchange protocols enable users of normal web browsers to 
conveniently send attributes, such as authentication or demographic data, to web sites. 
Such protocols might become very common and almost mandatory in general consumer 
scenarios over the next few years. We derive the privacy requirements on such protocols 
from general privacy principles and study their consequences for the protocol design. We 
also survey to what extent proposals like Microsoft's Passport, IBM's e- ... 

Keywords: BBAE, Liberty, Passport, SAML, Shibboleth, attribute-exchange, e-Community 
Single Signon, identity management, privacy, roles, security, single signon, traffic data, 
wallet, web browser 



12 Applications: Context sensitive access control 

R. J. Hulsebosch, A. H. Salden, M. S. Bargh, P. W. G. Ebben, J. Reitsma 

^ June 2005 Proceedings of the tenth ACM symposium on Access control models and 
technologies 
Publisher: ACM Press 

Full text available: "H p pdf(145.62 KB) Additional Information: full citation, abstract, references, index terms 

We investigate the practical feasibility of using context information for controlling access 
to services. Based solely on situational context, we show that users can be transparently 
provided anonymous access to services and that service providers can still impose various 
security levels. Thereto, we propose context-sensitive verification methods that allow 
checking the user's claimed authenticity in various ways and to various degrees. More 
precisely, conventional information management approac ... 

Keywords: access control, authentication, context sensitive, context verification, service 
usage patterns 



13 Escrow services and incentives in peer-to-peer networks 
^ Bill Home, Benny Pinkas, Tomas Sander 

^ October 2001 Proceedings of the 3rd ACM conference on Electronic Commerce 
Publisher: ACM Press 



Full text available- odtf265 69 KBi Additional Information: Motion, attract, references, citings, index 
' 1 terms 

Distribution of content, such as music, remains one of the main drivers of P2P 
development. Subscription-based services are currently receiving a lot of attention from 
the content industry as a viable business model for P2P content distribution. One of the 
main problems that such services face is that users may choose to redistribute content 
outside the community of subscribers, thereby facilitating large-scale piracy. Digital Rights 
Management (DRM) systems typically employ tamper resistance te ... 

1* Mobile services and technoiogy track: A conceptual approach to information security | 

^ Manish Agrawal, Hemant Padmanabhan, Lokesh Pandey, H. R. Rao, Shambhu Upadhyaya 
March 2004 Proceedings of the 6th international conference on Electronic commerce 

ICEC '04 
Publisher: ACM Press 

Full text available: WpdfQ73.J0J<Bj Additional Information: Mlcrtetion, abstract, references 
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An important dimension of mobile computing is the ubiquitous and location-independent 
availability of data. Aggregation is the ability to electronically access and display personal 
account information from disparate sources through a single identity. The client financial 
data is assembled in an organized format providing meaningful summarization and 
analysis. The prevalent methods of aggregation pose issues in information security and 
assurance. Utilizing advances in Internet technology such as ... 

Keywords: account service providers, aggregation, identity service providers, scraping 



15 Ad hoc networks: The security of vehicular ad hoc networks 

Maxim Raya, Jean-Pierre Hubaux 
^ November 2005 Proceedings of the 3rd ACM workshop on Security of ad hoc and 
sensor networks SASN '05 

Publisher: ACM Press 

Full text available: ^ pdf(283.9o KB) Additional Information: full citation, abstract, references, index terms 

Vehicular networks are likely to become the most relevant form of mobile ad hoc 
networks. In this paper, we address the security of these networks. We provide a detailed 
threat analysis and devise an appropriate security architecture. We also describe some 
major design decisions still to be made, which in some cases have more than mere 
technical implications. We provide a set of security protocols, we show that they protect 
privacy and we analyze their robustness, and we carry out a quantitative ... 

Keywords: security, vehicular ad hoc networks 



16 Approaches to fault-tolerant and transactional mobile agent execution— an 

^ algorithmic view 

^ Stefan Pleisch, Andre Schiper 

September 2004 ACM Computing Surveys (CSUR), volume 36 issue 3 

Publisher: ACM Press 

Full text available: *gj pdf(945.94 KB) Additional Information: full citation, abstract, references, index terms 

Over the past years, mobile agent technology has attracted considerable attention, and a 
significant body of literature has been published. To further develop mobile agent 
technology, reliability mechanisms such as fault tolerance and transaction support are 
required. This article aims at structuring the field of fault-tolerant and transactional 
mobile agent execution and thus at guiding the reader to understand the basic strengths 
and weaknesses of existing approaches. It starts with a discu ... 

Keywords: ACID, Byzantine failures, agreement problem, asynchronous system, commit, 
crash failures, fault tolerance, malicious places, mobile agents, replication, security, 
transaction 
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Security in mobile communications: challenges and opportunities 
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Audun Josang, Gunnar Sanderud 

January 2003 Proceedings of the Australasian information security workshop 
conference on ACSW frontiers 2003 - Volume 21 CRPITS '03 

Publisher: Australian Computer Society, Inc. 

Additional Information: full citation, abstract, references, citings, index 



Full text available: ■ podf; 117.04 KB) 

^ terms 

The nature of mobile communication, characterised for example by terminals having poor 
user interface and limited processing capacity, as well as complex combination of network 
protocols, makes the design of security solutions particularly challenging. This paper 
discusses some of the difficulties system architects are faced with as well as some 
advantages mobile networks offer when designing security solutions for mobile 
communication. 



Keywords: heterogeneous networks, mobile devices, security, usability 



19 Bidirectional rnobiie code trust management using tamper resistant hardware Q 
John Zachary, Richard Brooks 

April 2003 Mobile Networks and Applications, volume 8 issue 2 
Publisher: Kluwer Academic Publishers 

Full text available: ^ )pdf(152.99 KB) Additional Information: f q| | ci tat io n , gbstraot, references, index terms 

Trust management in a networked environment consists of authentication and integrity 
checking. In a mobile computing environment, both remote hosts and mobile code are 
suspect. We present a model that addresses trust negotiation between the remote host 
and the mobile code simultaneously. Our model uses tamper resistant hardware, public 
key cryptography, and one-way hash functions. 

Keywords: authentication, hash functions, mobile code, tamper resistant hardware, trust 
management 



20 Supporting^ Q 
Holger Vogt, Felix C. Gartner, Henning Pagnia 
April 2003 Mobile Networks and Applications, volume 8 issue 2 

Publisher: Kluwer Academic Publishers 

Full text available: ^pdf(.146 J9.KBj Additional Information: Mlcitation, abstract, references, index terms 

Mobile commerce over the Internet always includes the exchange of electronic goods. Fair 
exchange protocols establish fairness and ensure that both participants can engage in the 
exchange without the risk of suffering a disadvantage (e.g., losing their money without 
receiving anything for it). In general, fair exchange protocols require the continuous 
availability of an external trusted third party (UP), a dedicated site which is trusted by 
both participants. Implementations of TTPs for ... 

Keywords: disconnected operations, fair exchange, mobile commerce, tamper-proof 
hardware, time-sensitive items 
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